___ ___ erkimt Get database data ______ qstntxt ___

Well it's the following I have the following code:

%pre%

Supposedly, I want to get the login data, where login is equal to $ login variable, and then display the login password, however the following errors appear:

  

Warning: mysqli_query () expects at least 2 parameters, 1 given in   C: \ Program Files \ VertrigoServ \ www \ adm \ logar.php on line 9

     

Warning: mysql_fetch_array () expects parameter 1 to be resource, null   given in C: \ Program Files \ VertrigoServ \ www \ adm \ logar.php on line 10

What's wrong?

Thank you.

    
______ azszpr115525 ___

The %code% function in procedural mode waits for a parameter variable to create a connection with the bank and the one with the query itself, you are just passing the query.

Try this:

%pre%

However, the query would be very vulnerable in this way, you could parameterize this query, like this:

%pre%

This narrows the vulnerability a bit, but does not mean that the code is safe with just that.

    
______ azszpr115524 ___

It is necessary to pass the connection parameters when using the mysqli_query functions, and as the comrade said, try not to mix the two libraries.

More about mysqli: link

    
___

0

Well it's the following I have the following code:

<?php
$verifica = mysqli_query("SELECT * from dados WHERE login='$login'");
$array = mysql_fetch_array($verifica);

$array[senha];

?>

Supposedly, I want to get the login data, where login is equal to $ login variable, and then display the login password, however the following errors appear:

  

Warning: mysqli_query () expects at least 2 parameters, 1 given in   C: \ Program Files \ VertrigoServ \ www \ adm \ logar.php on line 9

     

Warning: mysql_fetch_array () expects parameter 1 to be resource, null   given in C: \ Program Files \ VertrigoServ \ www \ adm \ logar.php on line 10

What's wrong?

Thank you.

    
asked by anonymous 27.02.2016 / 01:13

2 answers

4

The mysqli_query() function in procedural mode waits for a parameter variable to create a connection with the bank and the one with the query itself, you are just passing the query.

Try this:

$link = mysqli_connect("localhost", "my_user", "my_password", "dbname");

$verifica = mysqli_query($link, "SELECT * from dados WHERE login='$login'");
$array = mysqli_fetch_array($verifica);

$array['senha'];

However, the query would be very vulnerable in this way, you could parameterize this query, like this:

$link = mysqli_connect("localhost", "my_user", "my_password", "dbname");
//prepara a query pra receber o parametro ?
$stmt = mysqli_prepare($link, "SELECT senha from dados WHERE login= ?");
//passa o parametro e o tipo("s" quer dizer string)
mysqli_stmt_bind_param($stmt, "s", $login);
//executa a query
mysqli_stmt_execute($stmt);
//vincula o retorno a variavel $verifica
mysqli_stmt_bind_result($stmt, $verifica);
mysqli_stmt_fetch($stmt);
printf($verifica);// exibe a senha
/* fecha o statement */
mysqli_stmt_close($stmt);

This narrows the vulnerability a bit, but does not mean that the code is safe with just that.

    
27.02.2016 / 01:25
0

It is necessary to pass the connection parameters when using the mysqli_query functions, and as the comrade said, try not to mix the two libraries.

More about mysqli: link

    
27.02.2016 / 01:21